Multiple targets, including some TV sites, government and court websites, and businesses around Georgia, have been attacked by a cyber-attack, which led to thousands of sites going offline and defaced. A preliminary investigation into the attack revealed that while sensitive government infrastructures were not targeted by the attackers, it was determined that the intrusion was politically motivated.
Dubbed as the “I’ll Be Back” attack, the hackers were able to temporarily shut down the online operations of two Georgian TV broadcasters, Imedi TV and Maestro.
Investigators said that the Georgia cyber-attack appears to be random and has affected personal, business, and local newspaper sites. The hackers have defaced the affected websites had their home pages replaced with images of former President Mikheil Saakashvili and a banner bearing the words: “I’ll be back.”
Saakashvili is currently on the lose and is wanted for a series of charges in Tbilisi. He previously announced that he is in a self-imposed exile in Ukraine.
15,000 sites hosted by Proservice were affected by Georgia cyber-attack
What made the attack worse is the fact that the attackers were able to target one of Georgia’s biggest web hosting providers. Proservice web hosting’s servers were affected by the attack, and by extension, all of the 15,000 sites that it hosts have also be defaced by the same political propaganda.
The company currently is displaying a message in its home page saying that the attack already being “repelled.” According to Proservice, the attack took place on October 28 and described it as “one of the largest cyber-attacks on the cyberspace of Georgia at dawn.”
“One of the targets of the attack is a server owned by Proservice, which houses websites of state agencies, the private sector, and media organizations. As a result of the attack, some 15,000 subscribers of Web site servers on the Proservice server crashed,” the statement from Proservice reads.
The company also noted that they had reported the incident to the Ministry of Internal Affairs and leading experts in cybersecurity as soon as they discovered the malicious activity on the sites that they are hosting.
“Once the problem is discovered, Proservice, along with the Ministry of Internal Affairs and leading experts in the field, is working to eliminate the problem completely,” they said.
As of October 28, 8:00 pm, approximately 50% of the affected sites have been recovered and restored following the attack, the statement added. “The company is actively working to eliminate the problem. The process will continue all night long, and web pages will be restored by the end of tomorrow. Proservice expresses its deepest condolences to the owners of all its dedicated web servers and thanks to everyone for their support and assistance during these difficult times.”
Is the attack related to the 2008 Georgia cyber-attacks linked to Russia?
The intensity and the large-scale nature of the “I’ll Be Back” attack have lead people to suspect that it was a state-sponsored attack linked to past massive attacks against Georgian cyberspace back in 2008. Eleven years ago, the Georgian government, banking, and media were also taken offline. The investigation on the 2008 incident led investigators to conclude that the internet traffic in Georgia was rerouted to Russian controlled servers.
Professor Alan Woodward, a cyber-security expert at Surrey University, tweeted that given “the scale and the nature of the targets, it’s difficult not to conclude that this was a state-sponsored attack.”